Directory traversal vulnerability in the web server on Honeywell Midas gas detectors before 1.13b3 and Midas Black gas detectors before 2.13b3 allows remote attackers to bypass authentication, and write to a configuration file or trigger a calibration or test, via unspecified vectors.
References
Link | Resource |
---|---|
https://ics-cert.us-cert.gov/advisories/ICSA-15-309-02 | Third Party Advisory US Government Resource |
Configurations
Configuration 1 (hide)
|
Information
Published : 2015-12-21 03:59
Updated : 2015-12-22 10:41
NVD link : CVE-2015-7907
Mitre link : CVE-2015-7907
JSON object : View
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Products Affected
honeywell
- midas_firmware
- midas_black_firmware